Ed Gibson, Chief Security Advisor
Back to Basics: Telephone Scams with a Technology Twist
Sometimes we get so busy we forget the basics. This certainly applies in the world of online security. Not too long ago, I was reading that certain organised crime (OC) groups engaging in criminal activities on the internet have gone back to using the postal service to transmit their messages because of the security measures now in place to track electronic communications. I tried to remember the last time I applied for a subpoena to obtain postal records during my career as an FBI Agent. It would have taken a bit of refresh to go through that process again. Of course, that's what OC counts on.
Just last week came yet another take on 'back to basics' with a technology spin; listen to this one.
The owner of a '.com' web domain name is contacted by telephone by someone claiming to work for a domain registration service. The caller advises the owner that someone else operating a similar business is set to register the '.net', '.org', and '.co.uk' domains of the same web address. The caller says he can stop these registrations, and with them the possible dilution of the owner's business, but the owner must buy the domains now - with a credit card. The owner agrees to pay the asking price of $200 for each.
The owner is feeling quite proud of herself . . . until another telephone call a couple of days later. The caller tells the owner that her credit card did not go through; could she please confirm all the details one more time to ensure her domains are captured in her name. Without thinking, she confirms her details.
Days later she finds out that several thousand pounds have been charged against her credit card.
The moral of this story: the owner should have simply registered the domains herself, if at all.
Edward P Gibson
Chief Security Advisor
Please let me know if there are subjects you would like to see in the Security Newsletter - email EdGibson@Microsoft.com.